At present, in all kinds of communication systems, and particularly in mobile communication systems, secure communication is of great importance for guaranteeing the security of information transmitted between subscribers. It is therefore necessary to protect transmitted data with encryption. Generally, this means that both communicating sides adopt the same encryption algorithm: the transmit side encrypts the data with the selected algorithm and transmits the encrypted data, and the receive side decrypts it with the same algorithm after receiving it.
In 3G mobile communication systems, air interface encryption is usually implemented between a User Equipment (UE) and the UMTS Terrestrial Radio Access Network (RAN). According to the existing protocol, each encryption algorithm corresponds to a single User Encryption Algorithm (UEA). An encryption algorithm is determined by comparing the algorithms supported by the UE with the available algorithms designated by the CN, and by comparing the UEAs in the access network. As shown in FIG. 1, the air interface encryption protection process in the existing mobile communication system is as follows:
1) UE sends UE security capability to the access network.
After a connection is successfully established between the UE and the access network, the UE sends its encryption algorithm capability parameters to the access network in a message A, notifying the access network of the encryption algorithms supported by the UE. On receiving the message A, the access network stores the encryption algorithm information supported by the UE.
2) CN initiates establishment of security mode.
When initiating establishment of security mode, the CN determines the available encryption algorithms according to its preset configuration and sends the access network a message B carrying the encryption algorithm information supported by the network.
3) The access network determines the encryption algorithm used in secure communication.
After receiving the message B, the access network determines an encryption algorithm supported by both the UE and the access network for secure communication, according to the received UEAs supported by the CN and the pre-stored UEAs supported by the UE. Then the access network sends the UE a message C carrying the determined UEA, notifying CN of the finally determined encryption algorithm.
4) UE sets local security algorithm.
After receiving the message C, the UE first sets the encryption algorithm designated in the message C as its local security encryption algorithm; the UE then sends the access network a message D indicating that security mode has been set successfully.
5) The access network notifies CN of the successful security mode setting.
After receiving the message D, the access network sends the CN a message E, which carries the selected encryption algorithm parameters and indicates that security mode has been set successfully.
6) CN completes the security mode setting procedure.
After receiving the message D indicating the successful setting of security mode, the CN completes its own security mode setting procedure and then waits until the predetermined time is due. When the predetermined time is due, the UE and the access network begin secure communication, in which the encryption algorithm corresponding to the selected UEA is employed to encrypt and decrypt data.
During the above procedure, the encryption algorithms used for encryption and decryption at the air interface reside in the terminal and the access network respectively. The encryption algorithms supported by the CN must also be supported by the access network. Generally speaking, the encryption algorithm is not unique: many different encryption algorithms can be defined, each corresponding to a single UEA, and service providers can support a choice among them. However, because air interface encryption is implemented equally in the access network and the terminal, the access networks and terminal equipment of different service providers must be able to interoperate. For this reason, all the existing encryption algorithms are required to be standard encryption algorithms regulated by the protocol.
If the regulation comprises more than one standard encryption algorithm, the system must include all of them in order to support global roaming. Accordingly, all the standard encryption algorithms will be supported by the CN. If the comparison finds that the terminal and the access network have more than one standard encryption algorithm in common, the access network can select any one of them for secure communication, because the regulation defines neither the selection method nor a selection priority; the only requirement is that the terminal and the access network adopt the same algorithm. If the terminal and the access network have no encryption algorithm in common but the CN requires encryption, normal secure communication cannot be provided to the terminal.
Because of the particular nature of cryptographic applications, and in consideration of the information security of a country or network, different countries or service providers prefer to use their own encryption algorithms, in order to prevent the unpredictable losses that result if the cipher is easily broken. Thus, two problems appear when the user is roaming:
1) If either the terminal or the access network supports a self-developed encryption algorithm that the other side does not support, the two sides fail to select an encryption algorithm supported by both, and normal secure communication fails.
2) For countries or service providers that have to adopt self-developed encryption algorithms for air interface secure communication, the existing mobile communication system reserves some UEAs for the self-developed encryption algorithms. However, since there is no unified rule concerning the use of the reserved UEAs, every country or service provider can choose any one of them, so an encryption algorithm conflict may occur when mobile subscribers roam. For example, two countries adopt different self-developed encryption algorithms but choose the same UEA for them. Under the existing security mode setting procedure, when a subscriber of one country roams to the other and the encryption algorithms are negotiated, a normal connection is established between the two parties because their UEA values are equal, but normal communication cannot be realized because the encryption algorithms are different.
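The selection step and both roaming problems can be reproduced in a small model. This is an added example, not code from the patent or from any standard; the UEA numbers 1, 8 and 9, the cipher labels, the key, the toy SHA-256 keystream and the lowest-number selection rule are all assumptions made for illustration.

```python
import hashlib

# Constructed values: UEA numbers and cipher labels are hypothetical.
STANDARD, RESERVED_8, RESERVED_9 = 1, 8, 9
KEY = bytes(range(16))  # constructed session key shared by UE and access network

def keystream(algorithm: str, key: bytes, length: int) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) standing in for a real one."""
    blocks = (hashlib.sha256(algorithm.encode() + key + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def crypt(algorithm: str, key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(algorithm, key, len(data))))

def select_uea(ue_ueas, cn_ueas, ran_ueas):
    """Step 3: pick a UEA common to UE, CN and access network, or None.
    The lowest number wins here only because the regulation sets no priority."""
    common = set(ue_ueas) & set(cn_ueas) & set(ran_ueas)
    return min(common) if common else None

def security_mode(ue: dict, ran: dict, cn_allowed: set, plaintext: bytes):
    """Run the negotiation, then send one uplink frame.
    Returns (selected UEA, bytes the access network recovers)."""
    uea = select_uea(ue, cn_allowed, ran)        # messages A and B feed the comparison
    if uea is None:
        return None, None                        # problem 1: nothing in common
    ciphertext = crypt(ue[uea], KEY, plaintext)  # UE uses its own algorithm for that UEA
    return uea, crypt(ran[uea], KEY, ciphertext) # network uses its own algorithm

# Each table maps a UEA number to the algorithm actually implemented behind it.
UE_COUNTRY_X = {STANDARD: "standard", RESERVED_8: "cipher-X"}
RAN_COUNTRY_Y = {STANDARD: "standard", RESERVED_8: "cipher-Y"}
UE_ONLY_OWN = {RESERVED_9: "cipher-Z"}
FRAME = b"uplink user data"

if __name__ == "__main__":
    print(security_mode(UE_COUNTRY_X, RAN_COUNTRY_Y, {STANDARD}, FRAME))    # works
    print(security_mode(UE_COUNTRY_X, RAN_COUNTRY_Y, {RESERVED_8}, FRAME))  # problem 2
    print(security_mode(UE_ONLY_OWN, RAN_COUNTRY_Y, {STANDARD, RESERVED_8}, FRAME))
```

In the second case the negotiation reports success on UEA 8, yet the recovered frame is garbage: nothing in the exchange compares the algorithm behind the number, only the number itself.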
Accordingly, a solution has been provided in another patent application, as follows: a CI is added, together with a judgment of the CI and a judgment of the encryption algorithms supported by the current subscriber and the network. If a subscriber is a foreign subscriber and both the UE and the network support the standard encryption algorithm, or if the subscriber is a domestic subscriber and both the UE and the network support a self-developed encryption algorithm other than the standard encryption algorithm, normal secure communication can be implemented; otherwise, secure communication is unavailable. However, since a step of defining bits and a judgment step are added, the whole message structure, message delivery procedure, parameter setting and control flow need to be extended or changed accordingly. The existing processing flow is therefore partly affected, and the implementation is inconvenient.